feat: more lambda config options (#573)

* fet: more lambda config options

* chore: remove unused var

* review

.gitignore

@@ -19,6 +19,7 @@ examples/quickstart/minio/*
 .terraform.lock.hcl
 .terraform.tfstate.lock*
 terraform.*
+backend.tf
 build/buz
 *.build
 target/*

deploy/terraform/aws/lambda/locals.tf

@@ -1,19 +1,19 @@
 locals {
-  domain_parts        = split(".", var.buz_domain)
-  cookie_domain       = join(".", slice(local.domain_parts, 1, length(local.domain_parts))) # Assumes Buz is running on a subdomain and the cookie should be on root
-  buz_debug_var       = "DEBUG"
-  buz_config_var      = "BUZ_CONFIG_PATH"
-  buz_config_path     = "/etc/buz/config.yml"
-  system_env_base     = "${var.system}-${var.env}-"
-  artifact_repository = "${local.system_env_base}img"
-  image               = "buz:${var.buz_version}"
-  buz_source_image    = "ghcr.io/silverton-io/${local.image}"
-  service_name        = "${local.system_env_base}collector"
-  config              = "${local.system_env_base}config"
-  schema_bucket       = "${local.system_env_base}${var.schema_bucket_name}"
-  events_bucket       = "${local.system_env_base}${var.events_bucket_name}"
-  default_output        = "buz_events"
-  deadletter_output      = "buz_invalid_events"
+  domain_parts               = split(".", var.buz_domain)
+  cookie_domain              = join(".", slice(local.domain_parts, 1, length(local.domain_parts))) # Assumes Buz is running on a subdomain and the cookie should be on root
+  buz_debug_var              = "DEBUG"
+  buz_config_var             = "BUZ_CONFIG_PATH"
+  buz_config_path            = "/etc/buz/config.yml"
+  system_env_base            = "${var.system}-${var.env}-"
+  artifact_repository        = "${local.system_env_base}img"
+  image                      = "buz:${var.buz_version}"
+  buz_source_image           = "${var.buz_image_repo}/${local.image}"
+  service_name               = "${local.system_env_base}collector"
+  config                     = "${local.system_env_base}config"
+  schema_bucket              = "${local.system_env_base}${var.schema_bucket_name}"
+  events_bucket              = "${local.system_env_base}${var.events_bucket_name}"
+  default_output             = "buz_events"
+  deadletter_output          = "buz_invalid_events"
   metadata_extraction_params = "{isValid:.isValid,vendor:.vendor,namespace:.namespace,version:.version}"
-  s3_dynamic_prefix   = "isValid=!{partitionKeyFromQuery:isValid}/vendor=!{partitionKeyFromQuery:vendor}/namespace=!{partitionKeyFromQuery:namespace}/version=!{partitionKeyFromQuery:version}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/"
+  s3_dynamic_prefix          = "isValid=!{partitionKeyFromQuery:isValid}/vendor=!{partitionKeyFromQuery:vendor}/namespace=!{partitionKeyFromQuery:namespace}/version=!{partitionKeyFromQuery:version}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/"
 }

deploy/terraform/aws/lambda/main.tf

@@ -139,7 +139,7 @@ data "aws_ecr_image" "buz_image" {
 
 resource "null_resource" "configure_docker" {
   triggers = {
-    build_number = var.buz_version
+    always_run = timestamp()
   }
   provisioner "local-exec" {
     command = "aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.aws_region}.amazonaws.com"
@@ -228,6 +228,14 @@ resource "aws_cloudwatch_log_group" "buz" {
   }
 }
 
+data "aws_cloudfront_origin_request_policy" "buz" {
+  name = "Managed-AllViewerExceptHostHeader"
+}
+
+data "aws_cloudfront_cache_policy" "buz" {
+  name = "Managed-CachingDisabled"
+}
+
 resource "aws_cloudfront_distribution" "buz" {
   enabled         = true
   is_ipv6_enabled = true
@@ -248,25 +256,20 @@ resource "aws_cloudfront_distribution" "buz" {
   }
 
   default_cache_behavior {
-    viewer_protocol_policy = "redirect-to-https"
-    min_ttl                = 0
-    default_ttl            = 3600
-    max_ttl                = 86400
-    target_origin_id       = replace(replace(aws_lambda_function_url.buz.function_url, "https://", ""), "/", "")
-    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
-    cached_methods         = ["HEAD", "GET"]
-    forwarded_values {
-      query_string = true
-      cookies {
-        forward = "all"
-      }
-    }
+    viewer_protocol_policy   = "redirect-to-https"
+    min_ttl                  = 0
+    default_ttl              = 3600
+    max_ttl                  = 86400
+    target_origin_id         = replace(replace(aws_lambda_function_url.buz.function_url, "https://", ""), "/", "")
+    allowed_methods          = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+    cached_methods           = ["HEAD", "GET"]
+    origin_request_policy_id = data.aws_cloudfront_origin_request_policy.buz.id
+    cache_policy_id          = data.aws_cloudfront_cache_policy.buz.id
   }
 
   restrictions {
     geo_restriction {
-      restriction_type = "whitelist"
-      locations        = ["US", "CA", "GB", "DE"]
+      restriction_type = "none"
     }
   }
 

deploy/terraform/aws/lambda/provider.tf

@@ -10,5 +10,6 @@ terraform {
 }
 
 provider "aws" {
-  region = var.aws_region
-}
+  region  = var.aws_region
+  profile = var.aws_profile
+}

deploy/terraform/aws/lambda/variables.tf

@@ -4,6 +4,12 @@ variable "aws_region" {
   default     = "us-east-1"
 }
 
+variable "aws_profile" {
+  description = "AWS Profile"
+  type        = string
+  default     = "default"
+}
+
 variable "system" {
   description = "The name of the Buz implementation. \n\nExample: buz"
   type        = string
@@ -26,6 +32,12 @@ variable "buz_domain" {
   type        = string
 }
 
+variable "buz_image_repo" {
+  description = "The Buz image repository"
+  type        = string
+  default     = "ghcr.io/silverton-io"
+}
+
 variable "buz_version" {
   description = "The version of Buz to run."
   type        = string